[Python-Dev] Hash collision security issue (now public)

Ethan Furman ethan at stoneleaf.us
Thu Jan 5 21:10:35 CET 2012

Tres Seaver wrote:
> On 01/05/2012 02:14 PM, Glenn Linderman wrote:
>> 1) the security problem is not in CPython, but rather in web servers 
>> that use dict inappropriately.
> Most webapp vulnerabilities are due to their use of Python's cgi module,
> which uses a dict to hold the form / query string data being supplied
> by untrusted external users.

And Glenn suggested further down that an appropriate course of action 
would be to fix the cgi module (and others) instead of messing with dict.

